From: Coleman Kane
Date: Wed, 30 Sep 2009 14:28:38 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r197644 - head/sys/dev/if_ndis

Author: cokane
Date: Wed Sep 30 14:28:38 2009
New Revision: 197644
URL: http://svn.freebsd.org/changeset/base/197644

Log:
  Correct a bug that could lead to a kernel panic if a user attempted to perform 802.11 operations directly on the ndis0 interface before the first VAP (wlan0) had been created. This would lead to a NULL-pointer dereference in the kernel.

  Submitted by: Paul B. Mahol
  MFC after: 3 days

Modified:
  head/sys/dev/if_ndis/if_ndis.c

Modified: head/sys/dev/if_ndis/if_ndis.c ============================================================================== --- head/sys/dev/if_ndis/if_ndis.c Wed Sep 30 13:26:31 2009 (r197643) +++ head/sys/dev/if_ndis/if_ndis.c Wed Sep 30 14:28:38 2009 (r197644) @@ -1534,7 +1534,7 @@ ndis_inputtask(dobj, arg) if (m == NULL) break; KeReleaseSpinLock(&sc->ndis_rxlock, irql); - if (sc->ndis_80211) + if (sc->ndis_80211 && vap) vap->iv_deliver_data(vap, vap->iv_bss, m); else (*ifp->if_input)(ifp, m); @@ -1746,7 +1746,7 @@ ndis_ticktask(d, xsc) sc->ndis_sts == NDIS_STATUS_MEDIA_CONNECT) { sc->ndis_link = 1; NDIS_UNLOCK(sc); - if (sc->ndis_80211) { + if (sc->ndis_80211 && vap) { ndis_getstate_80211(sc); ieee80211_new_state(vap, IEEE80211_S_RUN, -1); } 
@@ -1758,7 +1758,7 @@ ndis_ticktask(d, xsc) sc->ndis_sts == NDIS_STATUS_MEDIA_DISCONNECT) { sc->ndis_link = 0; NDIS_UNLOCK(sc); - if (sc->ndis_80211) + if (sc->ndis_80211 && vap) ieee80211_new_state(vap, IEEE80211_S_SCAN, 0); NDIS_LOCK(sc); if_link_state_change(sc->ifp, LINK_STATE_DOWN); @@ -2047,9 +2047,6 @@ ndis_init(xsc) /* Setup task offload. */ ndis_set_offload(sc); - if (sc->ndis_80211) - ndis_setstate_80211(sc); - NDIS_LOCK(sc); sc->ndis_txidx = 0; @@ -2297,8 +2294,6 @@ ndis_setstate_80211(sc) ifp = sc->ifp; ic = ifp->if_l2com; vap = TAILQ_FIRST(&ic->ic_vaps); - if (vap == NULL) - return; if (!NDIS_INITIALIZED(sc)) { DPRINTF(("%s: NDIS not initialized\n", __func__)); @@ -2730,8 +2725,6 @@ ndis_getstate_80211(sc) ifp = sc->ifp; ic = ifp->if_l2com; vap = TAILQ_FIRST(&ic->ic_vaps); - if (vap == NULL) - return; ni = vap->iv_bss; if (!NDIS_INITIALIZED(sc))
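
Review bot: In ndis_inputtask (@@ -1534), when sc->ndis_80211 is set but vap is NULL the frame now falls through to the else branch and is handed to (*ifp->if_input)(ifp, m), a path that before this change was taken only when sc->ndis_80211 was clear. If that is not the intended handling for an 802.11 device that has no VAP yet, make the case explicit, for example free the mbuf and count it as an input error, and add a comment stating which behaviour is wanted.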
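
Review bot: In the NDIS_STATUS_MEDIA_CONNECT branch of ndis_ticktask (@@ -1746), a connect event that arrives while vap is NULL still sets sc->ndis_link = 1 but skips both ndis_getstate_80211(sc) and ieee80211_new_state(vap, IEEE80211_S_RUN, -1), and nothing in the visible lines replays that transition once a VAP is created. A comment here should say where the state is picked up later, or VAP creation should consult sc->ndis_link.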
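
Review bot: In the NDIS_STATUS_MEDIA_DISCONNECT branch of ndis_ticktask (@@ -1758), vap is tested after NDIS_UNLOCK(sc) and the hunk does not show where the pointer was read. Please confirm it cannot go stale between the lookup and ieee80211_new_state(vap, IEEE80211_S_SCAN, 0); the same question applies to the connect branch above it.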
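
Review bot: The removal of the ndis_setstate_80211(sc) call from ndis_init (@@ -2047) is not explained by the log message, which only describes avoiding a NULL-pointer dereference. The visible hunks add no replacement call site, so the log or a comment should say where the 802.11 state is now pushed to the driver after init.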
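
Review bot: ndis_setstate_80211 (@@ -2297) loses its if (vap == NULL) return; guard directly after vap = TAILQ_FIRST(&ic->ic_vaps), and the only call site visible in this patch, in ndis_init, is removed rather than guarded. Either keep the guard or replace it with a KASSERT so the non-NULL precondition is documented and enforced for the remaining callers.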
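
Review bot: In ndis_getstate_80211 (@@ -2730), dropping the if (vap == NULL) return; guard leaves ni = vap->iv_bss; as an unconditional dereference of the TAILQ_FIRST(&ic->ic_vaps) result. Only the ndis_ticktask connect path is shown checking vap before calling in, and it checks its own vap variable rather than this lookup, so any other caller brings back the panic this commit is fixing. Suggest keeping the early return here.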